diff options
| author | Mario <mario@mariovavti.com> | 2019-04-10 13:25:57 +0200 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2019-04-10 13:25:57 +0200 |
| commit | e96fa64625447aed6c2ee83f8bb53007a3b8f8ec (patch) | |
| tree | c7ed6f6889cc48a2f217acd76057e887912e2346 /include | |
| parent | 8dc495c9bcd4e2e59b74913d20b12fada93c5004 (diff) | |
| parent | 999ae6eb494dbe7c700d40a2e7557ebee7157d80 (diff) | |
| download | volse-hubzilla-e96fa64625447aed6c2ee83f8bb53007a3b8f8ec.tar.gz volse-hubzilla-e96fa64625447aed6c2ee83f8bb53007a3b8f8ec.tar.bz2 volse-hubzilla-e96fa64625447aed6c2ee83f8bb53007a3b8f8ec.zip | |
Merge branch 'dev' into 'dev'
Dev
See merge request hubzilla/core!1586
Diffstat (limited to 'include')
| -rw-r--r-- | include/permissions.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/include/permissions.php b/include/permissions.php index 1dcd6accb..501b2cc77 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -157,7 +157,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if($x && $x[0]['xchan_network'] === 'zot') { + if($x && in_array($x[0]['xchan_network'],[ 'zot','zot6'])) { $ret[$perm_name] = true; continue; } @@ -321,6 +321,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = dbesc($observer_xchan) ); if($y) { + + // This requires an explanation and the effects are subtle. + // The following line creates a fake connection, and this allows + // access tokens to have specific permissions even though they are + // not actual connections. + // The existence of this fake entry must be checked when dealing + // with connection related permissions. + $x = array(pseudo_abook($y[0])); } } @@ -349,6 +357,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return true; // If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set + // We just did that. if(! $observer_xchan) { return false; @@ -357,7 +366,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) + if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) return true; } @@ -373,8 +382,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } - // From here on we require that the observer be a connection and - // handle whether we're allowing any, approved or specific ones + // From here on we require that the observer be a connection or pseudo connection if(! $x) { return false; |